Turkish Republic of Northern Cyprus: Turkish Cypriot administration data breach exposes health records on dark web

Turkish Republic of Northern Cyprus: Turkish Cypriot administration data breach exposes health records on dark web

Massive Data Breach Exposes Personal and Medical Records of 364,000 in Northern Cyprus

A significant cybersecurity incident has exposed the personal and medical records of over 364,000 individuals in the Turkish Republic of Northern Cyprus (KKTC), a territory recognized only by Turkey. The breach, first reported by the Turkish Cypriot newspaper Yenidüzen, involves data from the KKTC’s public health system, affecting both citizens and foreign nationals who received healthcare in the region.

Cybersecurity experts in the Netherlands verified the authenticity of the leaked files, describing it as one of the largest data breaches in the territory’s history. The compromised database includes names, identity numbers, birthplaces, addresses, and family details, with records spanning 202 nationalities. Hackers also claimed to possess a separate database containing HIV/AIDS diagnoses, though this has not been independently confirmed. Additionally, they alleged access to entry and exit records for approximately 340,000 travelers to northern Cyprus.

Transportation Minister Erhan Arıklı acknowledged the breach as a credible threat, stating that government systems had previously been targeted by cyberattacks. He admitted that the KKTC lacked sufficient technical personnel to respond effectively and revealed that officials had requested cybersecurity assistance from Turkey while establishing a new defense unit.

Despite initial denials from authorities, Yenidüzen published screenshots from a dark web forum where hackers advertised the stolen data. The breach first appeared online on January 8 but went largely unnoticed for months, prompting opposition politicians to question why the public was not informed sooner.

The incident has drawn sharp criticism from professional organizations and opposition parties. The Chamber of Computer Engineers called for an independent investigation, framing the breach as a national security issue rather than just an IT failure. The Cyprus Turkish Medical Association warned that if confirmed, this would be the largest data leak in the territory’s history, eroding public trust in the government’s ability to protect sensitive information.

Opposition leaders, including the Republican Turkish Party (CTP), accused the administration of neglecting cybersecurity, leaving critical systems vulnerable due to insufficient funding, staffing, and legal protections. The breach also raises concerns about the security of the KKTC’s Turkey-backed digital infrastructure, including its e-government portal, which relies on systems developed by Turkey’s state-owned Türksat.

This incident follows broader scrutiny of data security in Turkey, where a separate breach in September 2024 exposed the personal details of over 108 million citizens. The KKTC breach underscores persistent vulnerabilities in regional cybersecurity frameworks, particularly in government-operated health and digital identity systems.

Source: https://www.turkishminute.com/2026/06/26/turkish-cypriot-administration-data-breach-exposes-health-records-on-dark-web/

Central Bank of Turkish Republic of Northern Cyprus cybersecurity rating report: https://www.rankiteo.com/company/central-bank-of-turkish-republic-of-northern-cyprus

"id": "CEN1782513005",
"linkid": "central-bank-of-turkish-republic-of-northern-cyprus",
"type": "Breach",
"date": "1/2026",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': '364,000 individuals (citizens '
                                              'and foreign nationals)',
                        'industry': 'Healthcare',
                        'location': 'Northern Cyprus',
                        'name': 'Turkish Republic of Northern Cyprus (KKTC) '
                                'Public Health System',
                        'type': 'Government'}],
 'data_breach': {'data_exfiltration': 'Yes (data advertised on dark web)',
                 'number_of_records_exposed': '364,000 (personal/medical '
                                              'records); 340,000 (travel '
                                              'records)',
                 'personally_identifiable_information': 'Names, identity '
                                                        'numbers, birthplaces, '
                                                        'addresses, family '
                                                        'details',
                 'sensitivity_of_data': 'High (includes personally '
                                        'identifiable information and '
                                        'sensitive health data)',
                 'type_of_data_compromised': ['Personal records',
                                              'Medical records',
                                              'Travel records']},
 'description': 'A significant cybersecurity incident has exposed the personal '
                'and medical records of over 364,000 individuals in the '
                'Turkish Republic of Northern Cyprus (KKTC). The breach '
                'involves data from the KKTC’s public health system, affecting '
                'both citizens and foreign nationals who received healthcare '
                'in the region. The compromised database includes names, '
                'identity numbers, birthplaces, addresses, and family details, '
                'with records spanning 202 nationalities. Hackers also claimed '
                'to possess a separate database containing HIV/AIDS diagnoses '
                'and alleged access to entry and exit records for '
                'approximately 340,000 travelers to northern Cyprus.',
 'impact': {'brand_reputation_impact': 'Severe erosion of public trust in '
                                       'government cybersecurity measures',
            'data_compromised': 'Personal and medical records, including '
                                'names, identity numbers, birthplaces, '
                                'addresses, family details, and alleged '
                                'HIV/AIDS diagnoses. Entry and exit records '
                                'for approximately 340,000 travelers.',
            'identity_theft_risk': 'High',
            'operational_impact': 'Erosion of public trust in government’s '
                                  'ability to protect sensitive information; '
                                  'potential national security concerns',
            'systems_affected': 'KKTC’s public health system, e-government '
                                'portal, and digital identity systems'},
 'initial_access_broker': {'data_sold_on_dark_web': 'Yes (data advertised on '
                                                    'dark web forum)'},
 'investigation_status': 'Ongoing (independent investigation called for by '
                         'Chamber of Computer Engineers)',
 'lessons_learned': 'Insufficient cybersecurity funding, staffing, and legal '
                    'protections; reliance on external assistance (Turkey) for '
                    'critical infrastructure; delayed public disclosure '
                    'exacerbates trust issues',
 'post_incident_analysis': {'corrective_actions': 'Request for cybersecurity '
                                                  'assistance from Turkey; '
                                                  'establishment of new '
                                                  'defense unit; potential '
                                                  'independent investigation',
                            'root_causes': 'Insufficient technical personnel, '
                                           'lack of cybersecurity funding, '
                                           'reliance on vulnerable external '
                                           'systems (e.g., Türksat-developed '
                                           'e-government portal), delayed '
                                           'detection and response'},
 'recommendations': 'Conduct independent investigation; strengthen '
                    'cybersecurity frameworks; improve technical personnel '
                    'capacity; enhance legal protections for data security; '
                    'implement proactive monitoring and incident response '
                    'plans',
 'references': [{'source': 'Yenidüzen (Turkish Cypriot newspaper)'},
                {'source': 'Cybersecurity experts in the Netherlands'}],
 'response': {'communication_strategy': 'Initial denials followed by '
                                        'acknowledgment; public disclosure '
                                        'delayed',
              'third_party_assistance': 'Cybersecurity assistance requested '
                                        'from Turkey; establishment of a new '
                                        'defense unit'},
 'stakeholder_advisories': 'Chamber of Computer Engineers: Treat as national '
                           'security issue; Cyprus Turkish Medical '
                           'Association: Warned of severe trust erosion',
 'title': 'Massive Data Breach Exposes Personal and Medical Records of 364,000 '
          'in Northern Cyprus',
 'type': 'Data Breach'}
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.